Unrated severity · NVD Advisory · Published Aug 25, 2012 · Updated Apr 29, 2026
CVE-2012-3501
Description
The squidclamav_check_preview_handler function in squidclamav.c in SquidClamav 5.x before 5.8 and 6.x before 6.7 passes an unescaped URL to a system command call, which allows remote attackers to cause a denial of service (daemon crash) via a URL with certain characters, as demonstrated using %0D or %0A.
Affected products
- cpe:2.3:a:darold:squidclamav:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:darold:squidclamav:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:darold:squidclamav:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:darold:squidclamav:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:darold:squidclamav:5.4:*:*:*:*:*:*:*
- cpe:2.3:a:darold:squidclamav:5.5:*:*:*:*:*:*:*
- cpe:2.3:a:darold:squidclamav:5.6:*:*:*:*:*:*:*
- cpe:2.3:a:darold:squidclamav:5.7:*:*:*:*:*:*:*
- cpe:2.3:a:darold:squidclamav:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:darold:squidclamav:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:darold:squidclamav:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:darold:squidclamav:6.3:*:*:*:*:*:*:*
- cpe:2.3:a:darold:squidclamav:6.4:*:*:*:*:*:*:*
- cpe:2.3:a:darold:squidclamav:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:darold:squidclamav:6.6:*:*:*:*:*:*:*
Patches
- 80f74451f628 · https://github.com/darold/squidclamav (via nvd-ref)
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/darold/squidclamav/commit/80f74451f628264d1d9a1f1c0bbcebc932ba5e00 (nvd: Exploit, Patch)
- secunia.com/advisories/49057 (nvd: Vendor Advisory)
- squidclamav.darold.net/news.html (nvd: Vendor Advisory)
- freecode.com/projects/squidclamav/releases/346722 (nvd)
- www.openwall.com/lists/oss-security/2012/08/16/2 (nvd)
- www.openwall.com/lists/oss-security/2012/08/16/4 (nvd)
- www.osvdb.org/84138 (nvd)
- www.securityfocus.com/bid/54663 (nvd)
- bugs.gentoo.org/show_bug.cgi (nvd)